Lawful basis for processing data - Thames Reach

Lawful basis for processing data

The GDPR requires that Data Controllers establish a lawful basis for processing data. At least one of the following conditions must apply whenever personal data is processed:

Consent: the individual has given clear consent for us to process their personal data for a specific purpose

Contract: the processing is necessary for a contract that we have with the individual, or because they have asked us to take specific steps before entering into a contract

Legal obligation: the processing is necessary for us to comply with the law

Vital interests: the processing is necessary to protect someone’s life

Public task: the processing is necessary for us to perform a task in the public interest or for our official function, and the task or function has a clear basis in law

Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data, which overrides those legitimate interests